Cardholder Information Security Program or CISP

A brief history

Even before the establishment and mandate of the Payment Card Industry Data Security Standard, or PCI DSS, Visa USA was already thinking about the increasing need for newer, more advanced protection for their customers. As cyber criminals come up with new and ingenious ways to intercept and abuse data, along with rapid advances in processing technology and methods of processing, the need for a dynamic and adaptive set of security controls becomes apparent. The Cardholder Information Security Program (CISP) was a program originally established by Visa USA. Implemented in June of 2001, the program was created to ensure the security of cardholder information. This information must be secure as it is being processed and stored by merchants and service providers.
CISP has since been superseded in favor of the Payment Card Industry Data Security Standard. The PCI DSS is a multi-vendor initiative, currently sponsored by all 5 of the major credit card and service issuers (Visa, MasterCard, Discover, American Express and JCB), to address and resolve Payment Card Industry data security issues. Both the CISP and PCI DSS allow for adaptation and assimilation of new protections as they become necessary and available.


When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, that information becomes exposed and vulnerable, however briefly. Cardholders want assurance that their account information is safe. In recognition of the need for security control standards, Visa Inc. instituted the Cardholder Information Security Program. Mandated since June 2001, it is intended to protect Visa cardholder data wherever it resides, whether it is in electronic media format or hard copy format, ensuring that members, merchants, and service providers maintain the highest information security standard.
In 2004, the requirements were incorporated into an industry standard known as the Payment Card Industry (PCI) Data Security Standard (DSS). This was the result of a cooperative effort between Visa, MasterCard, American Express, Discover and JCB to create common and uniform industry security requirements. Officially going into effect on September 7, 2006, the PCI Security Standards Council (SSC) owns, maintains and distributes the PCI DSS and all its supporting documents. Visa, however, continues hands-on management of all data security compliance enforcement and validation initiatives with regard to the program and the PCI DSS for PCI compliance.

The Cardholder Information Security Program was a program established by Visa USA to ensure the security of cardholder information as it is being processed and stored by merchants and service providers.

CISP has since been superseded by the PCI Data Security Standard, a multi-vendor initiative to tackle Payment Card Industry security issues.